Midland Healthcare Providers Inform Patients of Privacy Breach

Earlier this month, we covered a privacy incident reported by Midland Memorial Hospital that resulted in the exposure of 1,468 patient records. The paper files were left unattended at a private residence by Mario M. Gross, M.D., a physician who had previously worked at the hospital.

Now two further healthcare providers in Midland, Texas have announced that their patients’ PHI was exposed and potentially compromised in the same incident. Dr. Gross had worked for multiple healthcare organizations in the Midland area. The records of at least 3,511 patients were left unattended and unprotected.

Midland Women’s Clinic Notifies 717 Patients of PHI Exposure

On April 26, 2016., Midland Women’s Clinic discovered that Gross had left information relating to 717 patients at his former residence according to a press release issued by the clinic.

Patients affected by the breach had received medical services prior to 2006 when Gross had last worked at the clinic. The records have now been retrieved and secured and the internal investigation has been completed. The documents contained names, home addresses, dates of birth, medical diagnoses, details of prescribed medications, and account numbers. Some patients’ Medicare, Medicaid, and Social Security numbers were also detailed in the retrieved documents.

The information was only left exposed for a limited period of time, but it was not possible to determine whether any PHI was accessed by unauthorized individuals. To ensure patients are protected from harm, all individuals whose PHI was exposed have been offered a year of credit monitoring and identity theft protection services without charge.

Midland Women’s Clinic has also advised its staff of the incident and has reminded employees of the importance of securing patients’ PHI. Policies and procedures have also been updated to prevent future PHI breaches of this nature.

Premier Physicians Group Alerts 1,326 Patients of PHI Breach

Midland-based Premier Physicians Group – formerly Premier Family Care – has also alerted some of its patients that their PHI was exposed as a result of the actions of Dr. Gross. Premier was alerted to the privacy breach on April 8, 2016.

Premier provided further information on the exact nature of the breach in its substitute breach notice. Dr. Gross had moved out of the local area, but he left documents containing patients PHI at his former address. Ownership of the former home of Dr. Gross was transferred to the bank. Documents left at the property included the PHI of 1,326 patients who were registered with Premier Physicians Group.

Premier was notified that patient information had been left behind by Dr. Gross and arrangements were made to retrieve and secure the records. The paperwork contained patients’ names, medical record numbers, dates of birth, Social Security numbers, medical insurance information, and clinical data. Premier Physicians Group is not aware of any misuse of patient data.

Policies and procedures have been updated as a result of the privacy breach and staff have been reminded of HIPAA Rules regarding the protection of patient data.

About HIPAA Journal

HIPAA Journal provides the most comprehensive coverage of HIPAA news anywhere online, in addition to independent advice about HIPAA compliance and the best practices to adopt to avoid data breaches, HIPAA violations and regulatory fines. HIPAA Journal's goal is to assist HIPAA-covered entities achieve and maintain compliance with state and federal regulations governing the use, storage and disclosure of PHI and PII.